Making Risk Management Part of Strategy: Charles Holley, CFO-in-Residence

Save Article

Between the expanding regulatory environment and the fast pace of change due to digital innovations, the number and types of business risks that can impact enterprise strategy seem to have increased exponentially in the last 10 years. CFOs, given their leadership roles in setting and executing strategy, as well as managing risk and finance, are well positioned to help ensure that risks to the business are assessed, managed and integrated into the corporate strategy. And those include the risks of not taking advantage of an opportunity or not moving quickly enough in the marketplace.

Charles Holley

That may seem like a straight-forward prescription, but generally speaking, it’s very different from the traditional way of handling business risks that prevailed before 2008. Following the 2008 financial crisis, the regulatory environment became far more complex, and lack of compliance commonly presented a greater risk, not only to an organization’s operations but also to its ability to achieve its strategic goals. As CFO at the time, I found it imperative to integrate risk assessment and management with strategic planning and execution. I also worked with colleagues to bring enterprise risk management (ERM) into the corporate center, with major investments to strengthen compliance globally.

Because strategy reported to me, I put the risk group directly under the strategy function. The two groups were responsible for developing a risk identification and assessment process that was aligned to the strategy development process, so that the strategic plan addressed the business risks that could potentially derail it, as well as the potential upside risks. This approach still kept the business segments involved—after all, they have to make their own risk assessment at the field level—but having ERM at the corporate level enabled them to stay focused on the P&L and operations.

Drawing on my experiences and lessons learned in evolving a top-down, bottom-up approach to risk management, I believe the following steps can help CFOs incorporate ERM into strategy:

—Establish a strategic risk-awareness culture. Strategic risk-awareness means focusing not just on execution risks to the business plan but on the potential risks that can arise even if the business plan is executed flawlessly. For example, what could happen to the business’s capital allocation plan— and the strategies and investments it’s designed to fund if the credit markets slump and a large bond issuance has to be postponed? If the commercial paper market suddenly dries up, what is the business’s back-up for short-term cash needs?

A strong risk-aware culture starts at the top, by making the leadership team accountable. Although many organizations today have a dedicated chief risk officer, it’s also important to view each member of the executive management board as a risk officer and hold each other accountable to that standard, as I learned from another executive.

—Establish a robust ERM process that runs parallel to strategy development and goes deep into the company. The risk group should be constantly looking at a wide range of risks that could pose a threat to the business and provide opportunities. The types of risk that should be considered include regulatory, brand, competitive, financial, operational—whatever can affect the business. Then, the risk group and strategy group should collaborate to hone that list down to which risks could do significant damage to the enterprise strategy, and address how to avoid or mitigate those risks. They also should be looking at which risks could provide a strategic advantage, such as a competitor’s failure to embrace new technology and how that might impact the strategy.

—Centrally locate ERM and staff it with people who have a strategic mindset. The risk group should operate from the center, so that risk assessments are independent of operators’ responsible for P&L. The dedicated ERM staff should be able to discuss business risks from a strategic point of view with their counterparts in the strategy group. For example, I brought into the risk group people from strategy and FP&A who were experienced in looking at industry and market trends and marrying that information to what was happening in the businesses.

—Leverage the board. I found that boards often can see risks from a big-picture, 50,000 foot perspective that management might miss because they are so involved in day-to-day operations, so it can be helpful to solicit input from the board during the risk identification and assessment process rather than simply presenting the strategy for its review. The board can also provide a valuable outsider’s viewpoint on how to respond to strategic risks, and can even push back on management if warranted. For example, if management is focused on cost-cutting and decides not to fund a particular initiative because it is focused on the short-term benefits in terms of savings, the board might take a longer-term view and counsel management on the potential negative ramifications of not making the investment. In other words, sometimes management is focused on what the company can afford, while the board can step back and zero in on what the company can’t afford not to do.

—Gain buy-in from business unit leaders. If the business units don’t embrace the risk process, it could undermine the benefits of integrating ERM into strategy development. Ensure that the business unit leaders have a role in the risk assessment process by incorporating their views and observations on risks. Using the risk assessment process to look for strategic opportunities for the business units can help gain their leaders’ buy-in.

Having the capability to see the train that’s coming around the curve can be an enormous advantage when developing strategy. It provides the organization the ability to assess risk relative to the strategy and to proactively decide how to address it, rather than being in reactive mode. CFOs should lead the effort to integrate ERM with strategy development, making sure that both of those processes are robust and fully aligned. CFOs who don’t take the stand that ERM is important to strategy might be leaving their corporate strategy vulnerable to downside risks and blind to the upside ones that could give them an advantage.

Charles Holley, retired CFO of Walmart, serves as an independent senior advisor to Deloitte LLP and as CFO-in-Residence of the CFO Program, providing guidance and counsel to staff, clients and senior leadership. He also serves on the Board of Directors of Amgen, the Dean’s Advisory Board for the McCombs School of Business at the University of Texas at Austin and the University of Texas Presidents’ Development Board, as well as the University of Texas system Chancellor’s Council.

FX

Related Deloitte Insights

When U.S. tax legislation was signed into law in December 2017, many CFOs may have felt a sense of relief. But whatever bottom-line benefits tax reform may usher in, it also is creating a need for CFOs and tax leaders to rethink their tax departments — and how much they want to invest in them. Rather than crossing “tax” off the priority list, CFOs should consider investing the time now to explore how reform combined with automation and new operating models can create an opportunity to rethink the strategic role the tax function plays.

When Todd Ford was named CFO of Coupa Software in 2015, he brought to the provider of cloud-based financial applications more than 25 years of experience in finance, operations, venture capital, and public accounting. These experiences have led to a sharp focus on developing cross-functional business skills and driving toward digital transformation and real-time finance. Ford shares his views on how CFOs can advance digital transformation, and why the CFO role is evolving, in this discussion with James LaCamp, leader of the US Technology industry software practice at Deloitte & Touche LLP.

As the CFO role continues to expand, so too do the qualities and qualifications that companies seek in a new CFO, says Alyse Bodine, managing partner of the Heidrick & Struggles’ Philadelphia office and co-lead of the firm’s global Financial Officers Practice. She describes the most sought-after skillsets in recent and current CFO searches. Frequent ‘must haves’ include business partnering, leadership, and experience interacting with the board. Organizational leadership, influencing skills, and increasingly, the ability to become CEO are also key attributes company management and boards expect from CFOs.

Views & Analysis

Since being named CFO in 2013, Joan Binstock has led a drive to expand the contribution of finance to the firm, including new investments in people and technology. Ms. Binstock, who joined Lord Abbett in 1999 as chief operations officer, discusses the importance of broad finance and operations experience for CFOs in investment management firms, with Matthew White, partner, Deloitte & Touche LLP. She also talks about what has shaped her career journey with Carol Larson, senior audit partner, Deloitte & Touche LLP, and champion for Women in Finance for Deloitte’s CFO Program.

M&A transactions don’t always meet expectations, but an expanding array of digital tools may improve outcomes and provide CFOs with an opportunity to play a greater role in M&A strategy. CFOs are already starting to deploy such tools, based on the findings of Deloitte’s 2018 M&A trends report. Learn how these emerging digital capabilities can be applied to target screening, purchase accounting, post-deal integration and other stages of the M&A lifecycle.

More than three-quarters (80%) of corporate secretaries and governance professionals identify strategy as their primary board focus, with risk oversight coming in second at 42%, and board selection third at 29%, according to the 10th edition of the Board Practices Report from Deloitte’s Center for Board Effectiveness and the Society for Corporate Governance. The report covers many of the most pressing issues facing boards, including board composition and education, audit committee practices, new board member criteria and proxy issues.

Editor's Choice

Tax reform brought with it notable changes to Internal Revenue Code Section 162(m), the provision that limits the tax deductibility of compensation in excess of $1 million paid to “covered employees.” It also stipulates that CFOs are now automatically covered employees, subject to the revised rules. Elizabeth Drigotas, principal, Deloitte Tax LLP, and Michael Kesner, principal, Deloitte Consulting LLP, address some of the ways in which Section 162(m) rules have been modified by tax reform and potential implications for compensation strategies.

The recently passed tax legislation is expected to have significant and immediate financial reporting impacts on organizations. “The enactment of the new tax law in the closing days of 2017 presented a major challenge for publicly traded companies that are required to account for and disclose the effects of a change in tax law in the period of enactment,” notes Steve Kimble, chairman and CEO, Deloitte Tax LLP. Learn about the tax law changes that could have a significant financial statement impact, including in the areas of deferred tax assets and liabilities, recognition of a foreign subsidiary liability and tax credits.

Beyond the possible reduction in their U.S. tax liability, private companies in the U.S. may find another benefit from tax reform: being viewed as more attractive takeover targets by foreign buyers. “The strong domestic economy was already attracting more inbound investment to the U.S., and private companies may benefit the most because of recent deal dynamics, strategic priorities and current valuations,” says Steve Kimble, chairman and CEO, Deloitte Tax LLP. Learn about other provisions of the new law that could provide further incentive for U.S.-inbound deals.

About Deloitte Insights

Deloitte’s Insights for CFOs provides financial executives a customized resource to help them address the strategic, operational and regulatory issues they face in managing their finance organizations and careers, with top-line digests, research, perspectives and technical analyses.